Description

The present invention relates to methods and apparatus for preventing the corruption or destruction of data in computer systems, and is particularly concerned with the detection and containment of hostile programs such as "virus" programs within computer systems. The word "virus", which has become a well-known term in the art, will be used herein as a generic name for all hostile programs.

There is an increasing problem with computer viruses which are introduced into computer systems by clan- 
destine means with consequences of varying degrees of seriousness from minor inconvenience to the system 
user, to complete destruction of data or disablement of the system. The propagation of viruses can be controlled 
by controlling the operations which can be performed on particular data or classes of data. However, proposals 
to date for implementing such classification methods rely on a high degree of user discipline, and/or hardware 
modification of computers and/or hard disks, and/or software modification of the operating system, and/or 
knowledge of virus signatures. 

It is an object of the present invention to obviate or mitigate the aforesaid disadvantages.

It is a further object of the present invention to provide a method of, and apparatus for, virus detection and containment capable of implementation on a computer system using: a 'standard' version of a given computer operating system; a 'standard' computer capable of operation using such an operating system; and 'standard' computer devices.

In the sense used hereinbefore, the word 'standard' means that which would be routinely purchased from manufacturers of these devices, without special modification.

The invention described herein may aptly be described as a 'Supervisor', i.e. an arrangement which controls read, write and format operations performed on data on a storage medium of a computer system. While it is true that an operating system supervises the transfer and storage of all data within a computer system, it is also true that a virus can be introduced and can circumvent this supervision if the computer is used with doubtful or unlicensed software. This allows a potential virus to replicate itself, to change, damage or delete data, and even to make the whole system inoperable.

It is, therefore, a further object of the present invention to provide an additional level of supervision which 
addresses the above circumstances. The invention specifically limits the damage a virus can cause and pro- 
tects certain existing data areas. 

It should, however, be stressed that there exists a hierarchy of potential virus infection ranging from innocent usage of infected software, even after precautions have been followed, through to deliberate sabotage of a system. There is ultimately no defence against this latter situation, given that computer systems are designed to respond to human inputs. The present invention would not claim to prevent this situation either. What it does do is to provide a framework within which a viral attack may be detected and contained. It, therefore, allows the user a mechanism for protection of his files. Starting from a virus-free position, it permits a way of introducing further software or modifications to existing software which, if infected, would corrupt only part of the user's existing system.

According to a first aspect of the invention there is provided a method of controlling access to and modification of information stored on a storage medium forming part of a computer system comprising:

dividing information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use,

characterised by,

providing supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the performance of read, write and format operations upon the information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and the type and status of the partition within which the sector is located,

the supervising means causing a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.

In the preferred embodiment of the invention, read operations are allowed on any information in the boot partition, but an attempt to write to or format the boot partition causes a system reset.

Notwithstanding this constraint, write operations to certain designated bytes within the boot partition could be allowed under the direct control of the Supervisor, dependent for example on the requirements of the computer operating system.

As part of the invention, the boot sectors of the storage medium are treated as part of the boot partition, irrespective of the position of the starting sector of the boot partition as may be defined by the disk operating system.

Preferably also, reading of any operating system information sectors or user-generated information sectors in an active general partition is allowed, writing to such user-generated information sectors is allowed, and writing to such operating system information sectors is restricted such that an attempt to modify the size or boundaries of the partition causes a system reset.

Preferably also, only the reading of information from operating system sectors of inactive general partitions is allowed, and an attempt to perform any other read, write or format operation on such partitions is either denied or causes a system reset.

According to a second aspect the invention provides an apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the information on the storage medium being divided into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each partition being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised in that the apparatus comprises a supervising means (a Supervisor) separate of a central processing unit (CPU) of the computer system for controlling the performance of read, write or format operations upon information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and the type and status of the partition within which the sector is located wherein, in use, the supervising means causes a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation.

The invention may provide hardware means or firmware means or a combination of both adapted to be 
incorporated into an existing system so as to implement the method defined above. This may be in the form 
of packages which can be mounted within a system or as stand-alone units. 

This invention preferably uses a second processor which is made inaccessible to the user and to the virus. 
This processor's sole purpose is to supervise all data transfer between and within sub-divisions of the device 
or devices placed under its control. 

The processor's function is, therefore, to impose restrictions on certain operations dependent on certain 
criteria, namely, the data type, the source and destination of the data in question and possibly the user of the 
machine. The actual information stored does not, however, play any role in the decision process. 
A partition, in the case of a storage device such as a hard disk, is considered itself to be a device or a sub-
division of a device. In the case of a fileserver the equivalent partition is a node on the network or sub-division 
of a node. The supervising processor uses these definitions in its decision making process. 

The Supervisor may be implemented on a printed circuit board as an expansion card to be inserted into 
the computer system. 

Further details of various aspects of the invention will now be discussed in the following description of an embodiment of the invention, given by way of example only, with reference to the accompanying drawings which are:

Fig. 1 a schematic block diagram of a hardware arrangement embodying a Supervisor according to the present invention; and

Fig. 2 a schematic circuit diagram of an actual embodiment of the Supervisor of Fig. 1.

In the following description the storage medium given as an example is a hard disk and the system is an 
IBM PC. 

In order to understand the background to the invention it is necessary to give a brief review of certain organisational aspects of DOS, an operating system applicable to 'IBM-compatible' personal computers. A hard disk may be divided by the user into several logically discrete areas called partitions. Each of these partitions is made up of logically consecutive sectors. Within each partition the starting sectors and a number of additional sectors contain, amongst other information, the starting and ending sector addresses of the partition and the information essential for finding the sectors in which a given file is located within the partition. Partitions cannot overlap. Under DOS, the first physical sector of the hard disk also contains essential information regarding the partition geometry. The invention treats this sector as an integral part of the boot partition.

In order to give an understanding of a Supervisor according to the invention, a general description will first 
be given of the function of the Supervisor, whether it is implemented in hardware, firmware or a combination 
of both. A specific description of an embodiment of a 'Supervisor' will then be given with reference to Figs. 1 
and 2. 

In general terms the invention relates to the control that the Supervisor exerts over partitions of a storage medium, in this example a hard disk. The user is encouraged to make active use of separate partitions for separate applications programs. The Supervisor stores partition information including, for each partition, the sector bounds and addresses of those sectors containing Operating System information (OS-sectors) and those containing User Information (UI-sectors).

The user may use several partitions on the disk. All these partitions, save for one, are treated in an equivalent way by the Supervisor. In essence, they are kept independent of each other, but may, if required, be linked. The special partition is the boot partition, and may be termed the Unique partition or U-partition. The U-partition will contain, at least, the sectors for booting the hard disk and the DOS operating system files. It could also be used to store other files which are 'read-only' and known to be virus-free.

At any point in time, any one or, if allowed, more of the remaining partitions (general partitions) will be 'Active' and may be termed the A-partition(s). The remaining 'other' partitions may then be termed O-partitions. It will be the user's choice as to which partition or partitions become active, either by deliberate pre-selection at boot or by automatic activation as a result of the first write to OS-sectors or read/write to UI-sectors of a partition other than the U-partition.

The functions of the Supervisor are defined in Table 1. There are three typical disk commands: Read, Write and Format. Table 1 shows how the Supervisor controls these commands depending upon the type and status of the relevant partition and sector.

The interpretation of Table 1 is as follows:-

(a) At any time, all files in the U-partition may be read. Any attempt to write or format will be detected and result in a reset.

(b) Within an A-partition, reading, writing and formatting is allowed to all files. Note that, where permitted, writing to OS-sectors is termed 'restricted', which means that attempts to modify the partition basic geometry (bounds, size) would be detected by the Supervisor and result in a reset of the computer.

(c) The only command permitted on an O-partition is that of reading OS-sectors. All others will either cause a reset or be denied. In particular, UI-sectors may not be read since the 'read' action could contain an implied 'execute'.

When the Supervisor applies a reset, this in turn results in a cold re-boot of the computer. This reset is critical as memory must be cleared in order to prevent a virus from remaining intact in memory.

Should a virus exist in a program, it can only become active when that program is read from the disk and then executed. By definition, since the U-partition is virus-free, that program could only be stored in a current A-partition and any attempt by the virus to corrupt, that is write to, any file in other partitions would be detected and prohibited. The Supervisor would initiate a reset which would clear memory, load the operating system and bring the computer to a virus-free condition.

Prior to this action, the Supervisor will set a register to an appropriate value and write a message to the 
disk which, on completion of the re-boot, will be read by the computer and used to define one of a set of non- 
corruptible messages held in a ROM (Read Only Memory). 
This will be sent to the screen of a Video Display Unit of the computer system giving the user information 
on the reason for the reset and thus warning him of an attempt to write illegally, which could be a signal that 
a virus is present in the previous A-partition. 

Clearly, a virus can be introduced into the hard disk. It can replicate itself and corrupt files, but only in the 
partition in which it was loaded. Thus, the virus can be contained and it can be detected when it tries to spread 
outwith the partition in which it resides. 
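As an added illustration (not part of the patent text), the following Python model implements the decision rules of Table 1 as interpreted above, together with the automatic activation of a general partition and the 'restricted' geometry check on OS-sector writes. The partition layout, the choice of 'deny' for UI-sector reads versus 'reset' for writes to an O-partition, and the limit of one A-partition are assumptions made for the example.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import FrozenSet, List, Optional, Set, Tuple


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"    # request refused, computer keeps running
    RESET = "reset"  # cold re-boot: memory cleared, operating system reloaded


@dataclass
class Partition:
    name: str
    first: int                  # first logical sector of the partition (inclusive)
    last: int                   # last logical sector of the partition (inclusive)
    os_sectors: FrozenSet[int]  # sectors holding Operating System information (OS-sectors)
    boot: bool = False          # True for the U-partition (boot partition)


@dataclass
class Supervisor:
    partitions: List[Partition]
    max_active: int = 1                  # assumption: how many A-partitions may exist at once
    active: Set[str] = field(default_factory=set)
    reset_reason: Optional[str] = None   # stands in for the register/message set before a reset

    def locate(self, sector: int) -> Optional[Partition]:
        """Map a sector to its partition. Physical sector 0 (partition geometry)
        is always treated as part of the U-partition, wherever U starts."""
        if sector == 0:
            return next(p for p in self.partitions if p.boot)
        return next((p for p in self.partitions if p.first <= sector <= p.last), None)

    def _reset(self, reason: str) -> Decision:
        # Memory is cleared and the OS reloaded, so no A-partition survives the reset.
        self.reset_reason = reason
        self.active.clear()
        return Decision.RESET

    def request(self, op: str, sector: int,
                new_geometry: Optional[Tuple[int, int]] = None) -> Decision:
        """Decide one disk command. op is 'read', 'write' or 'format'.
        new_geometry is the (first, last) bound that a write to an OS-sector would install."""
        part = self.locate(sector)
        if part is None:
            return self._reset("access outside any known partition")
        is_os = sector == 0 or sector in part.os_sectors

        # (a) U-partition: anything may be read, nothing may be written or formatted.
        if part.boot:
            return Decision.ALLOW if op == "read" else self._reset(f"{op} to U-partition")

        # Automatic activation: the first write to OS-sectors, or read/write to UI-sectors,
        # of an inactive general partition makes it the A-partition if a slot is free.
        if part.name not in self.active:
            wants_activation = op == "write" or (op == "read" and not is_os)
            if wants_activation and len(self.active) < self.max_active:
                self.active.add(part.name)

        # (b) A-partition: all commands allowed, but OS-sector writes are 'restricted':
        # a write that changes the partition bounds is detected and causes a reset.
        if part.name in self.active:
            if op == "write" and is_os and new_geometry not in (None, (part.first, part.last)):
                return self._reset(f"geometry change attempted in {part.name}")
            return Decision.ALLOW

        # (c) O-partition: only OS-sector reads. UI-sector reads are refused because a
        # read may carry an implied execute; writes and formats trigger a reset.
        if op == "read":
            return Decision.ALLOW if is_os else Decision.DENY
        return self._reset(f"{op} to inactive partition {part.name}")


def demo_supervisor() -> Supervisor:
    # Constructed layout: U-partition holds sectors 0-99, two general partitions follow.
    return Supervisor(partitions=[
        Partition("U", 0, 99, frozenset({1, 2}), boot=True),
        Partition("P1", 100, 499, frozenset({100, 101})),
        Partition("P2", 500, 999, frozenset({500, 501})),
    ])


def virus_scenario() -> List[str]:
    """A program is loaded from P1 (activating it), then tries to spread into P2."""
    sv = demo_supervisor()
    trace = []
    for op, sector in [("read", 200),    # load program from P1: P1 becomes the A-partition
                       ("read", 500),    # P2's OS-sector: allowed, P2 stays an O-partition
                       ("read", 600),    # P2 UI-sector: denied (implied execute)
                       ("write", 600)]:  # virus writes into P2: reset, memory cleared
        trace.append(f"{op} {sector}: {sv.request(op, sector).value}")
    return trace


if __name__ == "__main__":
    print("\n".join(virus_scenario()))
```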

All of the above protection constraints take effect when the Supervisor is in so-called 'supervised' mode. 
This is the normal default mode when the system is booted from the hard disk. 

Initially, however, it is necessary to place the Supervisor in so-called 'unsupervised' mode, in order to allow 
the setting up of the hard disk in terms of its partitions, and this is achieved by booting from a DOS floppy 
disk. Once the initial set-up of the hard disk has been achieved, a Password has to be chosen and the Super- 
visor will only permit itself to be placed in unsupervised mode again when booted from a floppy disk if the same 
Password is correctly entered on the keyboard. 

It will be recognised that the unsupervised mode is potentially dangerous. However, it is necessary to be able to implement this mode for legitimate operations including system set-up and maintenance. Provision is made for the Password to be changed when the system is put in unsupervised mode.

It is clear from the foregoing that the invention treats the partitions as though they were complete logical 
disks. At any one time therefore, a current A-partition (or designated set of A-partitions), is to all intents and 
purposes a hard disk in its own right. 

In hardware form the Supervisor may reside in the back plane of the computer and will look like (or be) a modified hard disk adaptor card with the additional capability of resetting the computer. Its hardware will control the hard disk bidirectionally; the intelligence of the Supervisor will be derived from a microprocessor, RISC processor or transputer with the controlling program resident in ROM.

A typical example of the use of the Supervisor would include the addition of a hard disk drive, using a SCSI (Small Computer Systems Interface) interface, to a personal computer with no SCSI initiator capability. In this case the Supervisor would be part of the SCSI adaptor card, slotted in the back plane of the computer, which would be needed in any case for interfacing the drive to the computer. Another example would be that of a computer with an existing SCSI output port, to which a SCSI drive is coupled. Then the Supervisor would be a (smaller) card attached to the SCSI connector port to which the drive cable would attach.

Alternatively, in the firmware form the Supervisor could simply consist of modifications to the hard disk firmware and to the firmware of a suitable SCSI adaptor card. The Supervisor would then intercept SCSI signals, but would be designed to be effectively transparent to either the host or the drive.

Whether in hardware or firmware form, the Supervisor will have sufficient volatile memory to hold the DOS 
operating system parameters that define the partition structure. 

Referring now to Figure 1 there is shown a block diagram of a hardware arrangement suitable for implementing the Supervisor. The Supervisor provides a typical hard disk adaptor card interface 10 to a motherboard of a personal computer (PC) or the like, and Read Only Memory (ROM) 12 containing an appropriate BIOS (Basic Input/Output System) driver for operation of the hard disk.

The Supervisor hardware embodying the invention includes a microprocessor 14 and a transceiver 16, which allow the PC restricted access to a SCSI interface 18 such that the PC cannot directly select or arbitrate for the disk drive or issue commands over the SCSI interface 18. These operations can be performed only by the Supervisor microprocessor 14, which communicates bidirectionally with the PC using status in/out ports 20 and 22.

Communication between the microprocessor 14 and the SCSI interface 18 takes place via the bidirectional ports of a second transceiver 24. The Supervisor also includes its own Read Only Memory (ROM) 26, holding a Supervisor Operating System and a control program, and Random Access Memory (RAM) 28, which is a scratch memory used to hold parameters. Reset logic 30 is also provided, and is used for clearing the PC memory if and when an attempt is made to perform an operation prohibited by the Supervisor.

Referring to Figure 2 there is shown a schematic diagram of an actual embodiment of the invention with the integers numbered identically to those of Fig. 1.

The embodiment of Fig. 2 further includes the following components: Gate Array Logic (GAL) devices G1-G5; buffers B1, B2; and flip-flops 74,1(1), 74,1(2), 74,2(1) and 74,2(2).

The function of these components is as follows. G1 maps the ROM BIOS into the IBM memory map, and 
also provides tristate connection of the output of flip-flop 74,2(2) to the IBM data bus. 

G2 provides access by the IBM to a subset of the SCSI controller's internal registers by mapping them 
into the IBM I/O space. G2 further provides pseudo-DMA decoding logic for data transfer to/from the SCSI 
controller, and maps a flag, ie. flip-flop 74,2(2) and latch P1 into the IBM I/O space. 

G3 multiplexes between the Supervisor and IBM address buses, to the SCSI controller address bus.

G4 multiplexes between the Supervisor and IBM control lines, to the SCSI controller. G4 also enables either (but never both) transceivers T1, T2, and includes logic for a possible wait state during data transfers between the IBM and the SCSI controller.

G5 maps all ports in the Supervisor I/O space: latches P1, P2, the SCSI reset line and flip-flops 74,1(2) and 74,2(2). G5 further maps ROM into the Supervisor memory map, and provides tristate connection of the output of flip-flop 74,2(2) to the Supervisor data bus.

The buffers B1, B2 ensure that there can be only one gate draining current from the IBM backplane for each of the address, IOR and IOW lines.

Flip-flop 74,1(1) divides the clock frequency by two and squares up the pulses. Dependent on the output 
of 74,1(2), either the IBM has access (restricted) or the Supervisor has access, to the SCSI controller. 

74,2(1) provides part of the timing for wait state generation during SCSI data transfer, while 74,2(2) is a flag to indicate that a data byte has been sent by the IBM for the attention of the Supervisor.

The components of the embodiment of Fig. 2 are as follows. GAL's G1-G5 are of the type SGS Thomson 
GAL 16V8-15ns; flip-flops 74,1(1), 74,1(2), 74,2(1) and 74,2(2) are of the type 74ALS74; buffers B1, B2 are 
74ALS244's; latches P1, P2 are 74ALS373's; transceivers T1, T2 are 74F245's; the processor 14 is a Zilog 
Z84C50 (10MHz); the ROM 12 a 2764A (8k x 8); and the SCSI controller 18 a NCR 5380. 
Inspection of Fig. 2 clearly shows that a virus can never interfere with the Supervisor microprocessor 14, since it is only able to fetch executable code from its own ROM 26.

A more detailed description of the embodiment of the Supervisor shown in Fig. 2 is not given herein, as 
this would be within the normal understanding of a person skilled in the art. 

Other options within the scope of the invention are possible. For example in firmware form, the Supervisor 
could substantially be resident on the hard disk itself. It could also handle hard disks which have interfaces 
other than SCSI, eg. AT or ESDI. 

In general the principles of the embodiment of the invention hereinbefore described apply to the coupling of any hard disk to any computer by any interface. For example, the invention could equally be applied to the popular Apple Macintosh range of personal computers which use an operating system different from DOS. Furthermore, it should be appreciated that application also exists for multi-user fileservers, in which case the Supervisor on the fileserver will require to be aware of which user (terminal) is using which fileserver partition so that it knows which computer to reset if an illegal request is made.

As will be seen from the foregoing, the invention provides a means of protecting computer systems against 
virus infection and may be implemented in hardware or firmware with no modification of an existing hardware 
or operating system. Further, it requires virtually no active participation by the user in order to be effective. 
Devices which could be protected by the invention include, for example, hard disk drives, floppy disk drives, 
optical disk drives, tape drives, file servers and networks. 



Claims 

1. A method of controlling access to and modification of information stored on a storage medium forming part of a computer system comprising:

dividing information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use,

characterised by,

providing supervising means (12, 14, 16, 18, 20, 22, 24, 26, 28, 30) separate of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the performance of read, write and format operations upon the information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and the type and status of the partition within which the sector is located,

the supervising means causing a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.

2. A method as claimed in claim 1, characterised in that read operations are allowed on any information in the boot partition, but an attempt to write to or format the boot partition causes a system reset.

3. A method as claimed in claims 1 or 2, characterised in that boot sectors of the storage medium are considered to be part of the boot partition, irrespective of the position of the starting sector of the boot partition as may be defined by the storage medium operating system.

4. A method as claimed in claims 1 to 3 inclusive, characterised in that reading of any operating system 
information sectors or user-generated information sectors in an active general partition is allowed, writing 
to such user-generated information sectors is allowed, and writing to such operating system information 
sectors is restricted such that an attempt to modify the size or boundaries of the partition causes a system 
reset. 

5. A method as claimed in any of claims 1 to 4 inclusive, characterised in that only the reading of information from operating system sectors of inactive general partitions is allowed, and an attempt to perform any other read, write or format operations on such partitions is either denied or causes a system reset.

6. A method as claimed in any preceding claim, characterised in that the restriction or prevention of the 
performance of read, write and format operations can be removed to allow setup or maintenance of the 
storage medium and thereafter reinstated. 

7. A method as claimed in any of claims 1 to 6 inclusive, characterised in that the storage medium is any 
one of a hard disk, a floppy disk, an optical disk or a tape. 

8. A method as claimed in any of claims 1 to 6 inclusive, characterised in that the storage medium is a fileserver, and the computer system is a local area network, and which user computer is using which partition of the fileserver is determined such that an attempt by a user computer to perform a prohibited operation causes a reset to be required of the user computer.

9. An apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the information on the storage medium being divided into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each partition being further divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised in that the apparatus comprises a supervising means separate of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the performance of read, write or format operations upon the information stored on the storage medium so as to allow, restrict or prevent such operations depending upon the type of information stored within a sector and the type and status of the partition within which the sector is located wherein, in use, the supervising means causes a reset to be required of the computer system should an attempt be made to perform a prohibited read, write or format operation, said reset causing memory to be cleared and the operating system to be loaded.

10. An apparatus as claimed in claim 9, characterised in that the apparatus provides hardware means adapted to be incorporated into the computer system.

11. An apparatus as claimed in claim 9, characterised in that the apparatus provides firmware means adapted to be incorporated into the computer system.

12. An apparatus as claimed in claim 9, characterised in that the apparatus provides a combination of both 
hardware and firmware means, both being adapted to be incorporated into the computer system. 

13. An apparatus as claimed in claim 9, characterised in that there is provided a processor (14) which 
is made inaccessible to a user and to any virus and which supervises all data transfers between and within 
sub-divisions of the storage medium or storage media placed under its control. 



Patentanspruche 

1. Verfahren, urn den Zugriff auf und eine Veranderung von Informationen zu kontrollieren, die ineinem Spei- 
15 chermedium gespeichert sind, das Teil eines Computersystems ist, mit den Schritten: 

es wird die in dem Speichermedium gespeicherten Informationen in eine Vielzahl nichtuberlappen- 
der Partitions aufgeteilt, zu denen eine Bootpartition sowie eine Anzahl allgemeiner Partitions gehort, wo- 
bei ferner jede Partition in eine Vielzahl von Sektoren aufgeteilt wird, und jedes benannte Subset der all- 
gemeinen Partitions zu jeder beliebigen Zeit, zu der das Computersystem in Gebrauch ist, aktiv ist, da- 

20 durch gekennzeichnet, 

dad Oberwachungsmittel (12, 14, 16, 18, 20, 22, 24, 26, 28, 30) bereitgestellt werden, die von der 
zentralen Verarbeitungseinhett (CPU) des Computersystems getrennt undf Or den Benutzer unzuganglich 
gemacht werden, urn die Ausfuhrung von Lese-, Schreib- und Formatierungsoperationen an den in dem 
Speichermedium gespeicherten Informationen zu kontrollieren, urn so abhangig von dem in einem Sektor 

25 gespeicherten Informationstyp und von dem Typ und dem Zustand der Partition, innerhalb der sich der 

Sektor bef indet, solche Operattonen zuzulassen, einzuschranken oder zu ver hinder n, 

und daB erforderlichenfalls die Oberwachungsmittel ein Rucksetzen des Computersystems bewir- 
ken, falls ein Versuch gemacht werden sollte, eine verbotene Lese-, Schreibe- oder Formatierungsope- 
ration durchzuf uhren, wobei das Zurucksetzen bewirkt, daR der Speicher bereinigt und das Betriebssy- 

30 stem geladen wird. 

2. Verfahren nach Anspruch 1, dadurch gekennzeichnet, daft die Leseoperationen fur alie Informationen in 
der Bootpartition gestattet sind, jedoch ein Versuch in die Bootpartition zu schreiben oder sie zu forma- 
tieren, ein Rucksetzen des Systems verursacht 

35 3. Verfahren nach den Anspruchen 1 oder 2, dadurch gekennzeichnet, dad die Bootsektoren in dem Spei- 
chermedium als Teil der Bootpartition angesehen werden, unabhangig von der Position des Start sektors 
der Bootpartition, wie sie durch das Betriebssystem fur das Speichermedium def iniert ist 

4. Verfahren nach den Anspruchen 1 bis 3, dadurch gekennzeichnet, dad das Lesen beliebiger Informati- 
40 onssektoren des Betriebssystems oder beliebiger durch Benutzer erzeugter Informationssektoren in der 

aktiven allgemeinen Partition zulassig ist, da& das Schreiben in solchen vom Benutzer erzeugten Infor- 
mationssektoren zulassig ist und daft das Schreiben in solche Informationssektoren des Betriebssystems 
in der Weise beschrankt ist, dad ein Versuch, die GroBe oder die Grenzen der Partition zu verandern, ein 
Rucksetzen des Systems bewirkt 

45 

5. Verfahren nach einem der Anspruche 1 bis 4 einschlielilich, dadurch gekennzeichnet, daB lediglich das 
Lesen von Informationen aus den Sektoren des Betriebssystems aus inaktiven allgemeinen Partitions zu- 
lassig ist und ein Versuch, jede andere Lese-, Schreib- oder Formatierungsoperation in solchen Partitions 
durchzuf uhren, entweder abgelehnt wird oder ein Rucksetzen des Systems bewirkt 

50 

6. Verfahren nach einem der vorhergehenden Anspruche, dadurch gekennzeichnet, daft die BeschrSnkung 
oder Verhinderung Lese-, Schreib- oder Formatierungsoperationen auszufuhren, aufgehoben werden 
kann, urn die Einstellung oder Wartung des Speichermdiums zu ermoglichen, und daft diese sodann wie- 
der in Kraft gesetzt wird. 

55 

7. Method according to any one of claims 1 to 6 inclusive, characterised in that the storage medium is a hard disk, a floppy disk, an optical disk or a tape.
8. Method according to any one of claims 1 to 6 inclusive, characterised in that the storage medium is a file server and the computer system is a local area network, and that the assignment of which user computer uses which partition of the file server is made such that an attempt by a user computer to perform a forbidden operation causes the user computer to be reset where required.

9. Apparatus for controlling access to and modification of information stored on a storage medium forming part of a computer system, the information stored on the storage medium being divided into a plurality of non-overlapping partitions, including a boot partition and a number of general partitions, each partition further being divided into a plurality of sectors, and any designated subset of the general partitions being active at any given time at which the computer system is in use, characterised in that the apparatus comprises supervisory means, separate from the central processing unit (CPU) of the computer system and made inaccessible to the user, for controlling the execution of read, write and format operations on the information stored on the storage medium so as to permit, restrict or prevent such operations depending on the type of information stored in a sector and on the type and state of the partition within which the sector lies, wherein, in use, the supervisory means cause a reset of the computer system where required should an attempt be made to perform a forbidden read, write or format operation, and the reset causes the memory to be cleared and the operating system to be loaded.

10. Apparatus according to claim 9, characterised in that it comprises hardware means adapted to be incorporated into the computer system.


11. Apparatus according to claim 9, characterised in that it comprises firmware means adapted to be incorporated into the computer system.

12. Apparatus according to claim 9, characterised in that it comprises a combination of hardware and firmware means, both adapted to be incorporated into the computer system.


13. Apparatus according to any one of claims 9 to 12, characterised in that a processor (14) is provided which is made inaccessible to users and to any (computer) viruses, and that all data transfer between and within subunits of the storage medium or storage media is placed under its control.
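The rules of claims 1 to 6 form a small access-control matrix: the verdict on a read, write or format depends on the sector's information type (boot sector, operating-system information, user information), on the partition type (boot or general) and on the partition's state (active or inactive), with a forbidden attempt ending in a reset. The following Python model is an added illustration and is not code from the patent; it encodes those rules so they can be exercised against a constructed disk layout. Everything concrete in it is an assumption made for the example: sector 0 holds the master boot record, the first sector of each general partition is a header whose first four bytes (little-endian) store the partition's sector count (so a header rewrite with a different count is "an attempt to change the size or boundaries of the partition" in the sense of claim 4), a `maintenance` flag stands in for the claim-6 override, violations on inactive partitions are refused rather than reset (claim 5 permits either), and a format is modelled as a rewrite of the partition's header sector.

```python
"""Reference model of the claimed Supervisor policy (added illustration, not code
from the patent).  It makes the decision rules of claims 1 to 6 runnable under
constructed assumptions: sector 0 is the master boot record; the first sector of
each general partition is a header whose first 4 bytes (little-endian) hold the
partition's sector count; a 'maintenance' flag stands in for the claim-6 override."""
import struct
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional, Set


class Op(Enum):
    READ = "read"
    WRITE = "write"
    FORMAT = "format"


class Verdict(Enum):
    ALLOW = "allow"
    DENY = "deny"    # refused, machine keeps running (claim 5 permits this for inactive partitions)
    RESET = "reset"  # forbidden: memory cleared, operating system reloaded (claim 1)


@dataclass
class Partition:
    name: str
    first: int        # first sector, inclusive
    last: int         # last sector, inclusive
    os_sectors: int   # leading sectors holding OS information (header, FAT, directory)
    is_boot: bool = False

    @property
    def size(self) -> int:
        return self.last - self.first + 1


@dataclass
class Supervisor:
    partitions: List[Partition]
    active: Set[str] = field(default_factory=set)
    boot_sectors: Set[int] = field(default_factory=lambda: {0})  # assumption: MBR at sector 0
    maintenance: bool = False  # claim 6: restrictions lifted for set-up or maintenance

    def locate(self, sector: int) -> Optional[Partition]:
        # Claim 3: boot sectors belong to the boot partition regardless of where
        # the operating system says that partition starts.
        if sector in self.boot_sectors:
            return next(p for p in self.partitions if p.is_boot)
        return next((p for p in self.partitions if p.first <= sector <= p.last), None)

    def decide(self, op: Op, sector: int, data: bytes = b"") -> Verdict:
        if self.maintenance:
            return Verdict.ALLOW
        part = self.locate(sector)
        if part is None:  # assumption: sectors outside every partition are never addressable
            return Verdict.RESET
        if op is Op.FORMAT:  # assumption: a format rewrites the partition's header sector
            sector = part.first
        if part.is_boot:  # claim 2: boot partition is read-only
            return Verdict.ALLOW if op is Op.READ else Verdict.RESET
        is_os = sector < part.first + part.os_sectors
        if part.name not in self.active:  # claim 5: inactive general partition
            return Verdict.ALLOW if (op is Op.READ and is_os) else Verdict.DENY
        if op is Op.READ:  # claim 4: everything in an active partition may be read
            return Verdict.ALLOW
        # Claim 4: user sectors are writable; OS sectors are writable unless the
        # write would change the partition's size or boundaries.
        if is_os and sector == part.first and not self._keeps_extent(part, data):
            return Verdict.RESET
        return Verdict.ALLOW

    @staticmethod
    def _keeps_extent(part: Partition, data: bytes) -> bool:
        return len(data) >= 4 and struct.unpack_from("<I", data, 0)[0] == part.size


def demo_supervisor() -> Supervisor:
    """Constructed layout: the OS places the boot partition at sectors 1..99 while
    the MBR sits in sector 0; C (100..999) is active, D (1000..1999) is not."""
    return Supervisor(
        partitions=[
            Partition("boot", 1, 99, os_sectors=99, is_boot=True),
            Partition("C", 100, 999, os_sectors=10),
            Partition("D", 1000, 1999, os_sectors=10),
        ],
        active={"C"},
    )


if __name__ == "__main__":
    sup = demo_supervisor()
    keep, grow = struct.pack("<I", 900), struct.pack("<I", 1800)  # C header: same / doubled extent
    for op, sector, data in [(Op.READ, 0, b""), (Op.WRITE, 0, b"\0" * 512),
                             (Op.WRITE, 500, b"user data"), (Op.WRITE, 100, keep),
                             (Op.WRITE, 100, grow), (Op.FORMAT, 500, keep),
                             (Op.READ, 1000, b""), (Op.WRITE, 1500, b"x")]:
        print(f"{op.value:6} sector {sector:4}: {sup.decide(op, sector, data).value}")
```

Two points of the claims show up in the model's behaviour. A write to sector 0 is reset even though the operating system's own partition map starts the boot partition at sector 1 (claim 3), which is what stops a boot-sector virus that bypasses the file system. And a rewrite of C's header that keeps the 900-sector count is allowed while one that doubles it is reset (claim 4), so ordinary file-system housekeeping proceeds but a repartitioning attempt does not.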



Claims (French version, translated)



1. Method for controlling access to and modification of information stored on a storage medium forming part of a computer system, comprising:

dividing the information stored on the storage medium into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each of the partitions further being divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised by

providing supervisory means (12, 14, 16, 18, 20, 22, 24, 26, 28, 30) independent of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the execution of read, write and format operations on the information stored on the storage medium so as to permit, restrict or prohibit such operations depending on the type of information stored in a sector and on the type and state of the partition in which the sector is located,

the supervisory means causing a reset of the computer system where required if an attempt to execute a forbidden read, write or format operation is made, said reset causing the memory to be cleared and the operating system to be loaded.

2. Method according to claim 1, characterised in that read operations are permitted on any information in the boot partition, but an attempt to write to or format the boot partition causes a reset of the system.
3. Method according to claim 1 or 2, characterised in that the boot sectors of the storage medium are regarded as part of the boot partition, irrespective of the position of the start sector of the boot partition as it may be defined by the operating system of the storage medium.

4. Method according to any one of claims 1 to 3, characterised in that reading of any operating-system information sector or user-generated information sector in an active general partition is permitted, writing to such user-generated information sectors is permitted, and writing to such operating-system information sectors is restricted such that an attempt to modify the size or the boundaries of the partition causes a reset of the system.

5. Method according to any one of claims 1 to 4, characterised in that only the reading of information from the operating-system sectors of inactive general partitions is permitted, and an attempt to execute any other read, write or format operation on such partitions is refused or causes a reset of the system.

6. Method according to any one of the preceding claims, characterised in that the restriction or prohibition of the execution of read, write and format operations can be cancelled to permit the configuration or maintenance of the storage medium and then reinstated.

7. Method according to any one of claims 1 to 6, characterised in that the storage medium is any hard disk, floppy disk, optical disk or tape.

8. Method according to any one of claims 1 to 6, characterised in that the storage medium is a file server, the computer system is a local area network, and which user computer uses which partition of the file server is determined such that an attempt by a user computer to execute a forbidden operation causes a reset of the user computer where required.

9. Apparatus for controlling access to and modification of information stored on a storage medium of a computer system, the information on the storage medium being divided into a plurality of non-overlapping partitions, including a boot partition and a plurality of general partitions, each partition further being divided into a plurality of sectors, any designated subset of the general partitions being active at any given time when the computer system is in use, characterised in that the apparatus comprises supervisory means independent of a central processing unit (CPU) of the computer system and made inaccessible to the user for controlling the execution of read, write or format operations on the information stored on the storage medium so as to permit, restrict or prohibit such operations depending on the type of information stored in a sector and on the type and state of the partition in which the sector is located, and in that, in use, the supervisory means cause a reset of the computer system where required if an attempt to execute a forbidden read, write or format operation is made, said reset causing the memory to be cleared and the operating system to be loaded.

10. Apparatus according to claim 9, characterised in that the apparatus provides hardware means adapted to be incorporated into the computer system.

11. Apparatus according to claim 9, characterised in that the apparatus provides firmware means adapted to be incorporated into the computer system.

12. Apparatus according to claim 9, characterised in that the apparatus provides a combination of hardware and firmware means, both adapted to be incorporated into the computer system.

13. Apparatus according to any one of claims 10 to 12, characterised in that a processor (14) is provided which is made inaccessible to a user and to any virus and which supervises all data transfers between and within the subdivisions of the storage medium or storage media placed under its control.